d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
31b998816c
freebsd-dev/lib/libthr/thread/thr_cancel.c
John Baldwin dc3566067a Ensure thread library is initialized in pthread_testcancel(). 
Call _thr_check_init() before reading curthread in pthread_testcancel().

If a constructor in a library creates a semaphore via sem_init() and
then waits for it via sem_wait(), the program can core dump in
_pthread_testcancel() called from sem_wait().  This is because the
semaphore implementation lives in libc, so the library's constructors
can be run before libthr's constructors.

Reported by:	arichardson
Reviewed by:	kib
Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA / AFRL
Differential Revision:	https://reviews.freebsd.org/D14786
2018-03-21 21:13:26 +00:00

182 lines
4.4 KiB
C
Raw Blame History

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* Copyright (c) 2005, David Xu <davidxu@freebsd.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice unmodified, this list of conditions, and the following
* disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include "namespace.h"
#include <pthread.h>
#include "un-namespace.h"
#include "thr_private.h"
__weak_reference(_pthread_cancel, pthread_cancel);
__weak_reference(_pthread_setcancelstate, pthread_setcancelstate);
__weak_reference(_pthread_setcanceltype, pthread_setcanceltype);
__weak_reference(_pthread_testcancel, pthread_testcancel);
static inline void
testcancel(struct pthread *curthread)
{
if (__predict_false(SHOULD_CANCEL(curthread) &&
!THR_IN_CRITICAL(curthread)))
_pthread_exit(PTHREAD_CANCELED);
}
void
_thr_testcancel(struct pthread *curthread)
{
testcancel(curthread);
}
int
_pthread_cancel(pthread_t pthread)
{
struct pthread *curthread = _get_curthread();
int ret;
/*
* POSIX says _pthread_cancel should be async cancellation safe.
* _thr_find_thread and THR_THREAD_UNLOCK will enter and leave critical
* region automatically.
*/
if ((ret = _thr_find_thread(curthread, pthread, 0)) == 0) {
if (!pthread->cancel_pending) {
pthread->cancel_pending = 1;
if (pthread->state != PS_DEAD)
_thr_send_sig(pthread, SIGCANCEL);
}
THR_THREAD_UNLOCK(curthread, pthread);
}
return (ret);
}
int
_pthread_setcancelstate(int state, int *oldstate)
{
struct pthread *curthread = _get_curthread();
int oldval;
oldval = curthread->cancel_enable;
switch (state) {
case PTHREAD_CANCEL_DISABLE:
curthread->cancel_enable = 0;
break;
case PTHREAD_CANCEL_ENABLE:
curthread->cancel_enable = 1;
if (curthread->cancel_async)
testcancel(curthread);
break;
default:
return (EINVAL);
}
if (oldstate) {
*oldstate = oldval ? PTHREAD_CANCEL_ENABLE :
PTHREAD_CANCEL_DISABLE;
}
return (0);
}
int
_pthread_setcanceltype(int type, int *oldtype)
{
struct pthread *curthread = _get_curthread();
int oldval;
oldval = curthread->cancel_async;
switch (type) {
case PTHREAD_CANCEL_ASYNCHRONOUS:
curthread->cancel_async = 1;
testcancel(curthread);
break;
case PTHREAD_CANCEL_DEFERRED:
curthread->cancel_async = 0;
break;
default:
return (EINVAL);
}
if (oldtype) {
*oldtype = oldval ? PTHREAD_CANCEL_ASYNCHRONOUS :
PTHREAD_CANCEL_DEFERRED;
}
return (0);
}
void
_pthread_testcancel(void)
{
struct pthread *curthread;
_thr_check_init();
curthread = _get_curthread();
testcancel(curthread);
}
void
_thr_cancel_enter(struct pthread *curthread)
{
curthread->cancel_point = 1;
testcancel(curthread);
}
void
_thr_cancel_enter2(struct pthread *curthread, int maycancel)
{
curthread->cancel_point = 1;
if (__predict_false(SHOULD_CANCEL(curthread) &&
!THR_IN_CRITICAL(curthread))) {
if (!maycancel)
thr_wake(curthread->tid);
else
_pthread_exit(PTHREAD_CANCELED);
}
}
void
_thr_cancel_leave(struct pthread *curthread, int maycancel)
{
curthread->cancel_point = 0;
if (__predict_false(SHOULD_CANCEL(curthread) &&
!THR_IN_CRITICAL(curthread) && maycancel))
_pthread_exit(PTHREAD_CANCELED);
}
void
_pthread_cancel_enter(int maycancel)
{
_thr_cancel_enter2(_get_curthread(), maycancel);
}
void
_pthread_cancel_leave(int maycancel)
{
_thr_cancel_leave(_get_curthread(), maycancel);
}
Reference in New Issue View Git Blame Copy Permalink